From: Nick Bowler <nbowler@elliptictech.com>
To: Kees Cook <kees@outflux.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
"Theodore Ts'o" <tytso@mit.edu>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Linux 3.6
Date: Thu, 4 Oct 2012 13:16:02 -0400 [thread overview]
Message-ID: <20121004171602.GA20155@elliptictech.com> (raw)
In-Reply-To: <20121004161422.GF9092@outflux.net>
On 2012-10-04 09:14 -0700, Kees Cook wrote:
> On Thu, Oct 04, 2012 at 12:03:54PM -0400, Nick Bowler wrote:
> > On 2012-10-04 08:49 -0700, Kees Cook wrote:
> > > On Thu, Oct 04, 2012 at 09:35:04AM -0400, Nick Bowler wrote:
[...]
> > > > The thing that bothers me most about all this is that it's basically
> > > > impossible to see why things are failing without digging through the git
> > > > tree or posting to the mailing list (or recalling earlier mailing list
> > > > discussions about the restriction, as I vaguely do now). You just
> > > > suddenly get "permission denied" errors when all the permissions
> > > > involved look fine. As far as I know, the owner, group and mode of
> > > > symlinks have always been completely meaningless. Upgrade to 3.6, and
> > > > they're suddenly meaningful in extremely non-obvious ways.
> > >
> > > FWIW, there should have been an audit message about it in dmesg.
> >
> > There were zero messages in the kernel log.
> >
> > # dmesg -C
> > # cd /tmp
> > # mkdir testdir
> > # ln -s testdir testlink
> > # chown -h nobody testlink
> > # cd testlink
> > cd: permission denied: testlink
> > # dmesg
> > (no output)
>
> Well that's sad. :( Two situations I can think of for that:
> - the kernel wasn't build with CONFIG_AUDIT
Indeed, I do not have this option enabled. Why would I have it? The
description says it's for SELinux, which I do not use.
Cheers,
--
Nick Bowler, Elliptic Technologies (http://www.elliptictech.com/)
next prev parent reply other threads:[~2012-10-04 17:16 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-01 0:38 Linux 3.6 Linus Torvalds
2012-10-03 19:46 ` Nick Bowler
2012-10-03 20:05 ` Kees Cook
2012-10-03 20:29 ` Linus Torvalds
2012-10-03 20:41 ` Theodore Ts'o
2012-10-03 20:49 ` Kees Cook
2012-10-03 20:54 ` Linus Torvalds
2012-10-03 20:58 ` Kees Cook
2012-10-03 21:05 ` Alan Cox
2012-10-03 21:04 ` Kees Cook
2012-10-04 13:35 ` Nick Bowler
2012-10-04 15:49 ` Kees Cook
2012-10-04 16:03 ` Nick Bowler
2012-10-04 16:14 ` Kees Cook
2012-10-04 17:16 ` Nick Bowler [this message]
2012-10-04 21:30 ` Stefan Richter
2012-10-09 18:51 ` Nick Bowler
2012-10-03 20:49 ` Alan Cox
2012-10-03 22:23 ` Matthias Schniedermeyer
2012-10-03 23:58 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121004171602.GA20155@elliptictech.com \
--to=nbowler@elliptictech.com \
--cc=kees@outflux.net \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).